On Thu, Sep 17, 2020 at 12:02 PM Adriaan de Groot <gr...@kde.org> wrote: > > On Sunday, 13 September 2020 13:16:47 CEST Andreas Müller wrote: > > On Sat, Sep 12, 2020 at 1:33 PM David Faure <fa...@kde.org> wrote: > > > 12th September 2020. KDE today announces the release of KDE Frameworks > > > 5.74.0. > > Not mentioned here: Many (All?) licenses are now according to REUSE > > policy [1]. Reading that did not help me much so my questions here: > > For example syntax-highlighting 5.73 was clearly stated as MIT. With > > 5.74.0 it is - have not the slightest idea. > > In v5.73.0, there is a top-level file called COPYING, which contains the MIT > license (and a weird reference to "above copyright notice", which notice is > missing from the file). > > The data included with the library (XML files), however, is variously LGPL, > GPL, .. I didn't dive into it exactly. In other words, while the *code* is > MIT, the whole thing might not be (please ask a lawyer, and look closely at > exactly what you are combining). > > > In v5.74.0, there is no top-level file anymore. So you don't get a single > message "this is MIT" -- which is confusing, maybe, except that the message > was factually misleading in v5.73.0. The LICENSES/ directory tells you what > licenses are used, across the whole repository, but not what-goes-where. > > With grep, you now have a single [*], unambiguous, way of finding out what > licenses apply to the code: `grep -r SPDX-License-Identifier src/` > > That's easier than guessing the applicable license from the text blobs and the > myriad spellings of each license. > > > > So the (perhaps unfortunate) conclusion is, in licensing, "it's complicated" > and the previously unambiguous assertion "MIT" was not, in fact, unambiguous > or entirely true. > > > [ade] > > > [*] For greater coverage `reuse spdx` will give you a report on each file with > additional information, known as an SPDX bill of materials. `reuse lint` will > tell you this: > > * Files with copyright information: 147 / 1508 > * Files with license information: 72 / 1508 > > So for this repo, there's a ways to go still. Thanks for this helpful explanation - will look into the repos. My problem: I maintain an Openembedded(OE)/Yocto layer with MANY kde packets (kf5/plasma/apps). OE is picky about licenses so I need to rework all the - so called - recipes (syntax-highlighter was just an example). Need to think about some scripting here - otherwise I won't finish that before I die :) Sorry but I have further questions:
1. The files in LICENSES folder: Are all licenses there mandatory or are some of my choice: E.g. LGPL-2.0-only.txt LGPL-2.0-or-later.txt LGPL-2.1-or-later.txt Should be OK to say LPGPv2.1+ - right? 2. Other repos have the KDE approved licenses. If I understand them correctly, they reference to other licenses. So do I need to take them into account? Yeah licenses are dangerous business... Andreas